Questions

I have a user (XP pro) who gets locked out of her account every day.

+
0 Votes
Locked

I have a user (XP pro) who gets locked out of her account every day.

btoohey
Every evening after the user leaves I go into AD and unlock her account the next morning she is locked again. I've made a completely new profile on the pc and in AD and she is still getting locked out. I've unplugged the pc's power to rule out the Auto startup we have running and had no luck.
Any ideas are MUCH appreciated
Clarifications Clarifications
+
0 Votes
rcassel
Collapse -

If the user has manually mounted a drive on another PC with his or her User ID and an old password the account will be locked out after a few hours.

+
0 Votes
Jxoco
Collapse -

We have the same thing with one of our users. A long time user, but we just instituted password changing after 30 days.
So if she has a drive mapping 'out there' how can I find the machine that the mapping is on.
Like a needle in a haystack we have about 700 machines on the network. How can I narrow it down?

+
0 Votes
MrRich
Collapse -

You ought to be able to check her logons on your DC's event log. Once you know which machines she has used its easy, just check those workstations for the drive mappings.
RDP to the workstation and log in as the user.
(Which may mean changing her password again...)

Another way would be to set her a logon script that lists the mapped drives to a file. Run that for a few days and see what you get.

+
0 Votes
lyle
Collapse -

Many users type the password incorrectly or do not remember it. How many tries does she get before being locked out? Is she in the habit of always having the Caps Lock on? Also with many systems requiring several passwords - Domain, AS/400, Firewall, etc. it is easy to confuse even appearantly savvy users as to which password is used when.

+
0 Votes
bmacias
Collapse -

Has the user logged into another computer or server (terminal Server) since last password change? I don't suppose you have any logging or alert system turned on that would tell you which machine is making the calls (You using sitescope)? The Lockout could be caused by a service or schedule task running with user's old credentials (I hold company lock out record for that one).

+
0 Votes
308Tom
Collapse -

A user who "forgot" they had logged on to another computer, failed to logoff AND had changed their password in the interim has been my most common cause of this issue. Usually they only "remember" after you find the offending workstation.

Check the Domain Controller security logs to find what may be a 529 error or a Kerberos error 0x18 and may have the user's ID in it. That will yield the IP address of the station that is trying to authenticate with a bad password and triggering the lockout.

Another possibility is the user mapped a persistent static drive with their credential while another user was logged in on another machine - and subsequently changed their password.

Again back to the Domain Controller security logs to find the offending IP.

+
0 Votes
bconley
Collapse -

Perhaps at some point she saved a password that authenticates her to some domain resource such as authenticating to a file share or IIS site. We have a analytical cell counter instrument that uses IIS.

+
0 Votes
cawallace007
Collapse -

This has only happened after a password change for my users, including myself.

It gets fixed by doing the following, not sure which one.

Turn off cache mode in MS Outlook.
Delete and recreate any printers or drive mappings that were created locally versus through domain login.

+
0 Votes
issy_3
Collapse -

Check for any services that might be running with that account, i had a similar situation and that was the problem

Issy

+
0 Votes
sylesh.charan
Collapse -

Please make sure the user does a proper logout procdure from the desktop or laptop client. Once you have confirmed, check the users has got no logout script in AD that runs when the users logout. let me know.

Thanks